Vulnerabilities of type CWE-862

6815 results
| CVE | Severity | Title | EPSS |
| --- | --- | --- | --- |
| CVE-2024-54311 | MEDIUM | WordPress Mark New Posts plugin <= 7.5.1 - Broken Access Control vulnerability | 0.5% |
| CVE-2023-49832 | MEDIUM | WordPress Site Reviews plugin <= 6.10.2 - Broken Access Control vulnerability | 0.5% |
| CVE-2023-48750 | MEDIUM | WordPress Void Elementor Post Grid Addon for Elementor Page builder plugin <= 2.1.10 - Broken Access Control vulnerability | 0.5% |
| CVE-2023-44147 | MEDIUM | WordPress Comment Blacklist Updater plugin <= 1.1.0 - Broken Access Control vulnerability | 0.5% |
| CVE-2023-51357 | MEDIUM | WordPress Track Google Analytics 4, Facebook Pixel & Conversions API via Google Tag Manager for WooCommerce plugin <= 6.5.0 - Broken Access Control vulnerability | 0.5% |
| CVE-2023-50887 | MEDIUM | WordPress User Feedback plugin <= 1.0.10 - Broken Access Control vulnerability | 0.5% |
| CVE-2023-46352 | HIGH | In the module "Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module" (facebookconversiontrackingplus) up to version 2.4.9 from Smar | 0.5% |
| CVE-2024-1095 | MEDIUM | Build & Control Block Patterns – Boost up Gutenberg Editor <= 1.3.5.4 - Missing Authorization | 0.5% |
| CVE-2024-33944 | MEDIUM | WordPress WooCommerce AWeber Newsletter Subscription plugin <= 4.0.2 - Unauthenticated Access Token Change/Reset vulnerability | 0.5% |
| CVE-2024-2107 | MEDIUM | Blossom Spa <= 1.3.3 - Sensitive Information Exposure | 0.5% |
| CVE-2026-1734 | MEDIUM | Zhong Bang CRMEB crontab Endpoint CrontabController.php authorization | 0.5% |
| CVE-2024-30234 | MEDIUM | WordPress WholesaleX plugin <= 1.3.1 - Broken Access Control vulnerability | 0.5% |
| CVE-2023-5251 | MEDIUM | Grid Plus <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Grid Layout Add/Update/Delete | 0.5% |
| CVE-2022-26102 | | Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacke | 0.5% |
| CVE-2023-35777 | MEDIUM | WordPress The Events Calendar plugin <= 6.1.2.2 - Broken Access Control vulnerability | 0.5% |
| CVE-2024-10589 | CRITICAL | Leopard <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update | 0.5% |
| CVE-2026-4281 | MEDIUM | FormLift for Infusionsoft Web Forms <= 7.5.21 - Missing Authorization to Unauthenticated Infusionsoft Connection Hijack via OAuth Connection Flow | 0.5% |
| CVE-2024-43119 | MEDIUM | WordPress Aruba HiSpeed Cache plugin <= 2.0.12 - Broken Access Control vulnerability | 0.5% |
| CVE-2025-22611 | CRITICAL | Coolify vulnerable to Privilege Escalation resulting in Remote Command Execution (RCE) | 0.5% |
| CVE-2026-35561 | CRITICAL | Insufficient authentication security controls in browser-based authentication components in Amazon Athena ODBC driver | 0.5% |